(Forensics: WinAudit Lesson 1)

WinAudit is a great free tool that gives
you a comprehensive view of the components that make up your system,
including hardware, software and BIOS.

Lab Notes

In this lab we will do the following:

Download WinAudit.

Install WinAudit.

Create Audit Report.

Interrogate Audit Report Sections.

Legal Disclaimer

As a condition of your use of this Web
site, you warrant to computersecuritystudent.com that you will not use
this Web site for any purpose that is unlawful or
that is prohibited by these terms, conditions, and notices.

In accordance with UCC § 2-316, this
product is provided with "no warranties, either express or implied." The
information contained is provided "as-is", with "no guarantee of
merchantability."

In addition, this is a teaching website
that does not condone malicious behavior of
any kind.

You are on notice, that continuing
and/or using this lab outside your "own" test environment
is considered malicious and is against the law.

Notice the following issues: (1) the
screen saver password is not set, (2) automatic updates are turned
off, (3) minimum password length can be set to nothing, (4) lockout
attempts are disabled, (5) ActiveX is allowed, etc.

Shared Permissions

Instructions:

Go To: Security --> Shared Permissions

Note(FYI):

Below there are three folders that are
shared: (1) ADMIN$, (2) C$, and (3) IPC$.

The entire hard drive is shared out to
everyone.

Windows Firewall

Instructions:

Go To: Security --> Windows Firewall

Note(FYI):

Notice that the Firewall is not
enabled. In addition, both Remote Assistance and Remote
Desktop are enabled.

Section 5: Running Programs

Running Programs

Instructions:

Go To: Running Programs

Note(FYI):

This section produces a list of running
programs.

Notice that both Telnet and VNC are
running. Telnet sends its traffic, including logins, in cleartext,
so it is susceptible to sniffer attacks. VNC
could be a problem if authentication is not set.
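
The issues called out in the Security, Shared Permissions, Windows Firewall and Running Programs notes above can be turned into repeatable checks over an exported report. The script below is an added example, not part of the original lab and not WinAudit code; the three-column CSV layout, the row names, and the process names in the sample are assumptions constructed for illustration.

```python
import csv
import io

# Constructed sample; this category,item,value layout is assumed, not WinAudit's export schema.
SAMPLE_REPORT = """category,item,value
Security Settings,Screen Saver Password,No
Security Settings,Automatic Updates,Disabled
Security Settings,Minimum Password Length,0
Security Settings,Lockout Threshold,0
Windows Firewall,Firewall Enabled,No
Windows Firewall,Remote Desktop,Enabled
Windows Firewall,Remote Assistance,Enabled
Shared Permissions,C$,Everyone
Shared Permissions,IPC$,Administrators
Running Programs,tlntsvr.exe,Running
Running Programs,winvnc.exe,Running
Running Programs,explorer.exe,Running
"""
OFF, ON = {"no", "off", "disabled", "0"}, {"yes", "on", "enabled"}
# (category, item) -> (values that count as a finding, finding text)
SETTING_RULES = {
    ("security settings", "screen saver password"): (OFF, "screen saver password is not set"),
    ("security settings", "automatic updates"): (OFF, "automatic updates are turned off"),
    ("security settings", "minimum password length"): (OFF, "minimum password length is 0"),
    ("security settings", "lockout threshold"): (OFF, "account lockout is disabled"),
    ("windows firewall", "firewall enabled"): (OFF, "Windows Firewall is not enabled"),
    ("windows firewall", "remote desktop"): (ON, "Remote Desktop is enabled"),
    ("windows firewall", "remote assistance"): (ON, "Remote Assistance is enabled"),
}
RISKY_PROGRAMS = {"tlntsvr": "Telnet traffic is cleartext", "vnc": "confirm VNC authentication is set"}

def triage(report_text):
    findings = []
    for row in csv.DictReader(io.StringIO(report_text)):
        cat, item, val = (row[k].strip().lower() for k in ("category", "item", "value"))
        if cat == "running programs":
            why = next((w for n, w in RISKY_PROGRAMS.items() if n in item), None)
            if why:
                findings.append(f"{row['item'].strip()} is running: {why}")
        elif (cat, item) in SETTING_RULES:
            bad_values, why = SETTING_RULES[(cat, item)]
            if val in bad_values:
                findings.append(why)
        elif cat == "shared permissions" and "everyone" in val:
            findings.append(f"share {row['item'].strip()} is open to Everyone")
    return findings

if __name__ == "__main__":
    print("\n".join(triage(SAMPLE_REPORT)))
```

Rows that match no rule, such as explorer.exe or a share limited to Administrators, produce no finding, so the output stays a short list to review by hand.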

Section 6: Hardware Devices

Hardware Devices

Instructions:

Go To: Hardware Devices

Note(FYI):

Notice that under the Hardware Devices tree
there is a list of devices and peripherals.

For a forensics investigation, you will
need to take physical pictures of all peripheral devices attached to
the computer. Then you will need to collect a software
inventory, like below, where you record the device type,
description, manufacturer, driver version, etc.